package com.fengmi.security;

import com.fengmi.except.MyAccessDenied;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 作者：陈学虎
 * 时间：2021/7/14 0014 下午 4:22
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true,jsr250Enabled = true)
public class CustomerSecurityConfiguration extends WebSecurityConfigurerAdapter {

    //静态资源放行

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/v2/api-docs",
                "/configuration/ui",
                "/swagger-resources/**",
                "/configuration/security",
                "/swagger-ui.html",
                "/webjars/**");
    }


    //资源访问权限定义
    @Autowired
    private MyAccessDenied myAccessDenied;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //登录界面和登录请求放行
                .antMatchers("/user/login","/user/verify").permitAll()
                //剩下界面都需要登录才放行
                .anyRequest().authenticated();

        http.addFilter(new MyBasicAuthenticationFilter(authenticationManager()));


        http.csrf().disable();
        http.cors();
        //自定义的403异常处理
        http.exceptionHandling().accessDeniedHandler(myAccessDenied);
    }


    //基于数据库的自定义认证


}
